-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
How would one go about having a specific syscall number reserved in
entry.S? I'm exploring doing a kill inside the kernel from a detection
done in userspace, which would allow the executable header of the binary
to indicate whether the task should be killed or not; if it works, the
changes will likely not go into mainline, but will still require a
non-changing syscall index (assuming I understood the syscall manpage
properly).
On a side note, if a syscall doesn't exist, how would that be detected
in userspace?
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBf+1thDd4aOud5P8RAkeNAJsFJD2l7Up62+/P+SHbJ3l7MwbM0gCfUE/Y
vDgYr0SXlrkrwXZyEZw86QE=
=jmbP
-----END PGP SIGNATURE-----
On Wed, 27 Oct 2004, John Richard Moser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> How would one go about having a specific syscall number reserved in
> entry.S? I'm exploring doing a kill inside the kernel from a detection
> done in userspace, which would allow the executable header of the binary
> to indicate whether the task should be killed or not; if it works, the
> changes will likely not go into mainline, but will still require a
> non-changing syscall index (assuming I understood the syscall manpage
> properly).
>
> On a side note, if a syscall doesn't exist, how would that be detected
> in userspace?
> - --
Look at ld.so.preload for potential capabilities to control any
executable.
Also what's the problem with sending the task a signal when
the detection has been done?
If the usual capabilites are not sufficient, then make
a driver (module).
Cheers,
Dick Johnson
Penguin : Linux version 2.6.9 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached and reviewed by John Ashcroft.
98.36% of all statistics are fiction.
* John Richard Moser ([email protected]) wrote:
> How would one go about having a specific syscall number reserved in
> entry.S? I'm exploring doing a kill inside the kernel from a detection
> done in userspace, which would allow the executable header of the binary
> to indicate whether the task should be killed or not; if it works, the
> changes will likely not go into mainline, but will still require a
> non-changing syscall index (assuming I understood the syscall manpage
> properly).
To reserve a syscall there needs to be some users and some eventual hope
of merging. The idea, btw, means anyone can specify the value in the
binary, so it could just as easily be done via prctl or something
similar that makes the out of tree patch easier to maintain. Although,
I don't actually see the value with the description above.
> On a side note, if a syscall doesn't exist, how would that be detected
> in userspace?
ENOSYS error.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
linux-os wrote:
| On Wed, 27 Oct 2004, John Richard Moser wrote:
|
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|>
|> How would one go about having a specific syscall number reserved in
|> entry.S? I'm exploring doing a kill inside the kernel from a detection
|> done in userspace, which would allow the executable header of the binary
|> to indicate whether the task should be killed or not; if it works, the
|> changes will likely not go into mainline, but will still require a
|> non-changing syscall index (assuming I understood the syscall manpage
|> properly).
|>
|> On a side note, if a syscall doesn't exist, how would that be detected
|> in userspace?
|> - --
|
|
| Look at ld.so.preload for potential capabilities to control any
| executable.
|
| Also what's the problem with sending the task a signal when
| the detection has been done?
|
| If the usual capabilites are not sufficient, then make
| a driver (module).
|
I'm attempting to figure a way to control the IBM stack smash protector
via a flag in the ELF header, without opening the executable image on
disk and checking manually. If there is a way to do this from
userspace, that would be acceptable.
|
| Cheers,
| Dick Johnson
| Penguin : Linux version 2.6.9 on an i686 machine (5537.79 BogoMips).
| Notice : All mail here is now cached and reviewed by John Ashcroft.
| 98.36% of all statistics are fiction.
|
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBf/04hDd4aOud5P8RAm0AAJ9FWZ2d0hJpS5qDhogRPM6mWZJDOwCfe5YC
BynHiZzH94hn5XnSLZlNqyc=
=jMqN
-----END PGP SIGNATURE-----